MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7328452abea93166db8e23ab4b858b8a5c56ea00ccd1c4a3beebee7ea5e6831d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 7328452abea93166db8e23ab4b858b8a5c56ea00ccd1c4a3beebee7ea5e6831d
SHA3-384 hash: 845e530870a903e73d248cd2b7b2ce7c42737cb8cdc12bb448fbe564e4f1294bc93541c1d1f76b90977b39591cc8bf17
SHA1 hash: f6bd6b1da29aa07f74e5bdfe1fbc144461d5df66
MD5 hash: 91a5971e4b36b93a28033688c59c2c9e
humanhash: lactose-batman-nevada-blue
File name: 1.sh
Signature: Mirai
File size: 3'224 bytes
First seen: 2026-05-05 14:11:04 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:iE0f0DwnGEX6EQDG3ET9gEp6E0K02LwHE2b2NEqoElkLEMKJEv2E5muQEYzkEOkG:i6tMVfDEm3LSVpv48l0
TLSH: T1F5617DCAF0B54EB66F52A953B3B486077692E4DB25CAFF0576ED34B0844CE083C91672
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 44
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive medusa mirai
Verdict: Malicious
File Type: unix shell
First seen: 2026-05-04T20:47:00Z UTC
Last seen: 2026-05-05T15:20:00Z UTC
Hits: ~100
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-05-05 01:41:16 UTC
File Type: Text (Shell)
AV detection: 22 of 37 (59.46%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Family: Mirai
Malware Config
C2 Extraction: manzzkontolaktolakan.my.id
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders
Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 7328452abea93166db8e23ab4b858b8a5c56ea00ccd1c4a3beebee7ea5e6831d (this sample)
Delivery method: Distributed via web download

Comments